Re: [heycam/webidl] Only install @@toStringTag on the prototype (#357) from Travis Leithead on 2017-12-06 (public-webapps-github@w3.org from December 2017)

From: Travis Leithead <notifications@github.com>
Date: Wed, 06 Dec 2017 18:49:51 +0000 (UTC)
To: heycam/webidl <webidl@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <heycam/webidl/pull/357/c349737234@github.com>

I'm supportive of option a or b. Option b is interesting and implies that there is still some magic internal branding that the getter native code has access to that is not exposed. Whether making that distinction (between instance and prototype of instance) is important for web developers, I don't know. My gut feeling is that any change to prototype object's toString value is much less impactful than changes to the instance (where lots of old code checks against a literal string `"[object X]"`). Impact-wise, I expect this to be similar to the change of constructors (interface objects) to be functions instead of objects (which changed their toString value dramatically; yet saw virtually no web-compat impact).

We really need a reliable brand-detection API. It's pretty obvious, even with Chrome's changes, that there is something fundamentally immutable about a DOM instance that is needed for the DOM to operate correctly (at least while the DOM is not fully-implemented in script--a fact of life for the near future anyway). For example, consider this:

```js
document.__proto__ = Text.prototype; // Is document now text?
document.toString(); // Chrome reports it is (using @@toStringTag from Text.prototype)
Object.prototype.toString.call(document); // Also reported as "[object Text]", so... rebranded?
// Yet the DOM itself can't be made to see the brand-change...
Document.prototype.getElementById.call(document, "no-matching-id"); // null (rather than exception)
Document.prototyep.getElementById.call(new Text("real Text instance"), "no-matching-id");
// That last call throws due to a brand-check done implicitly by the DOM; 
// it is not fooled by the previous document-looking-like-Text
```
So, let's make some progress (but not in this issue as you noted initially) against the API for reading out the reliable DOM branding of an instance/prototype. If we take it away via toString, let's put it back for the use cases that would really like it via something else. E.g.,
```js
// would not lie, even with the previous example's manipulations (and would work cross-realm?)
Document.isInstance(document); 
// or
Object.getOwnNativeBrand(document); // returns "[object Document]"
Object.getOwnNativeBrand(Document.prototype); // returns "[object DocumentPrototype]"
```




-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/heycam/webidl/pull/357#issuecomment-349737234

Received on Wednesday, 6 December 2017 18:50:16 UTC